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WHAT IS CLAIMED IS: 

1 . A method for persisting virtual private network structures across multiple 
network addresses assigned to a mobile node, the method comprising: 

setting up a virtual private network tunnel between a virtual private network 
5 tunnel server and the mobile node, wherein virtual private network structures supporting 
the virtual private network tunnel are based upon a home address specified for the mobile 
node; 

assigning a new network address to the mobile node, the new network address 
differing from the home address for the mobile node; 
10 transmitting, by the mobile node, a binding update to the virtual private network 

tunnel server specifying the new network address; and 

creating a mapped relation from the new network address to the home address for 
the mobile node, thereby facilitating continued use of virtual private network structures 
that are based upon the home address for the mobile node. 

15 

2. The method of claim 1 wherein the virtual private network structures 
comprise security structures. 

3. The method of claim 2 wherein the security structures comprise Internet 
20 security structures. 

4. The method of claim 1 wherein the virtual private network structures 
comprise tunnel structures. 

25 5. The method of claim 1 wherein the creating step comprises updating, by 

the virtual private network tunnel server, a mapping structure to incorporate the new 
network address information provided within the binding update. 

6. The method of claim 1 further comprising, after the transmitting step, the 
30 further steps of: 
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receiving, by the mobile node, a message packet from the virtual private network 
tunnel server including the new network address; and 

replacing, by the mobile node, the new network address by the home address in a 
destination field of the received message packet. 

5 

7. The method of claim 6 wherein the replacing step is performed by an 
intermediate protocol stack layer that implements packet address handling policies and 
wherein the received message packet is thereafter passed up to clients of the intermediate 
protocol stack layer. 

10 

8. The method of claim 7 wherein the intermediate protocol stack layer 
comprises an Internet protocol layer. 

9. The method of claim 1 further comprising, after the transmitting step, the 
1 5 further step of: 

placing, by the mobile node, the new network address within the source address 
field and the home address within an extension header of packets transmitted to the 
virtual private network tunnel server. 

20 10. The method of claim 9 further comprising the step of: 

replacing, by the virtual private network tunnel server, the new network address 
by the home address specified within the extension header of the packets transmitted by 
the mobile node to the virtual private network tunnel server. 

25 11. The method of claim 10 wherein the replacing step is performed by an 

intermediate protocol stack layer that implements packet address handling policies and 
wherein the received packets are thereafter passed up to clients of the intermediate 
protocol stack layer. 
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12. A computer-readable medium including computer-executable instructions 
for facilitating persisting virtual private network structures across multiple network 
addresses assigned to a mobile node, the method comprising: 

setting up a virtual private network tunnel between a virtual private network 
5 tunnel server and the mobile node, wherein virtual private network structures supporting 
the virtual private network tunnel are based upon a home address specified for the mobile 
node; 

assigning a new network address to the mobile node, the new network address 
differing from the home address for the mobile node; 
10 transmitting, by the mobile node, a binding update to the virtual private network 

tunnel server specifying the new network address; and 

creating a mapped relation from the new network address to the home address for 
the mobile node, thereby facilitating continued use of virtual private network structures 
that are based upon the home address for the mobile node. 

15 

13. The computer-readable medium of claim 12 wherein the virtual private 
network structures comprise security structures. 

14. The computer- readable medium of claim 13 wherein the security 
20 structures comprise Internet security structures. 

1 5. The computer-readable medium of claim 12 wherein the virtual private 
network structures comprise tunnel structures. 

25 16. The computer-readable medium of claim 12 wherein the creating step 

comprises updating, by the virtual private network tunnel server, a mapping structure to 
incorporate the new network address information provided within the binding update. 
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17. The computer-readable medium of claim 12 further comprising computer 
executable instructions for performing, after the transmitting step, the further steps of: 
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receiving, by the mobile node, a message packet from the virtual private network 
tunnel server including the new network address; and 

replacing, by the mobile node, the new network address by the home address in a 
destination field of the received message packet. 

5 

1 8. The computer-readable medium of claim 1 7 wherein the replacing step is 
performed by an intermediate protocol stack layer that implements packet address 
handling policies and wherein the received message packet is thereafter passed up to 
clients of the intermediate protocol stack layer. 

10 

19. The computer-readable medium of claim 18 wherein the intermediate 
protocol stack layer comprises an Internet protocol layer. 



20. The computer-readable medium of claim 12 further comprising computer- 
1 5 executable instructions for performing, after the transmitting step, the further step of: 

placing, by the mobile node, the new network address within the source address 
field and the home address within an extension header of packets transmitted to the 
virtual private network tunnel server. 
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21 . A mobile network node facilitating persisting virtual private network 
structures across multiple network addresses assigned to the mobile node, the mobile 
node including a communications protocol stack comprising computer-executable 
instructions facilitating performing, by the mobile node, the steps of: 

5 setting up a virtual private network tunnel between a virtual private network 

tunnel server and the mobile node, wherein virtual private network structures supporting 
the virtual private network tunnel are based upon a home address specified for the mobile 
node; 

assigning a new network address to the mobile node, the new network address 
10 differing from the home address for the mobile node; 

transmitting, by the mobile node, a binding update to the virtual private network 
tunnel server specifying the new network address; and 

creating a mapped relation from the new network address to the home address for 
the mobile node, thereby facilitating continued use of virtual private network structures 
1 5 that are based upon the home address for the mobile node. 

22. The mobile node of claim 21 wherein the virtual private network 
structures comprise security structures. 

20 23. The mobile node of claim 22 wherein the security structures comprise 

Internet security structures. 

24. The mobile node of claim 21 wherein the virtual private network 
structures comprise tunnel structures. 

25 

25. The mobile node of claim 21 further comprising computer executable 
instructions for performing, after the transmitting step, the further steps of: 

receiving, by the mobile node, a message packet from the virtual private network 
tunnel server including the new network address; and 
30 replacing, by the mobile node, the new network address by the home address in a 

destination field of the received message packet. 
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26. The mobile node of claim 25 wherein the replacing step is performed by 
an intermediate protocol stack layer that implements packet address handling policies and 
wherein the received message packet is thereafter passed up to clients of the intermediate 

5 protocol stack layer. 

27. The mobile node of claim 26 wherein the intermediate protocol stack layer 
comprises an Internet protocol layer. 

10 28. The mobile node of claim 2 1 further comprising computer-executable 

instructions for performing, after the transmitting step, the further step of: 

placing, by the mobile node, the new network address within the source address 
field and the home address within an extension header of packets transmitted to the 
virtual private network tunnel server. 



15 
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29. A virtual private network (VPN) server facilitating persisting virtual 
private network structures across multiple network addresses assigned to a mobile node, 
the VPN server including computer-executable instructions facilitating performing, by 
the VPN server, the steps of: 
5 setting up a virtual private network tunnel between the VPN server and the mobile 

node, wherein virtual private network structures supporting the virtual private network 
tunnel are based upon a home address specified for the mobile node; 

first receiving, from the mobile node, a binding update to the virtual private 
network tunnel server specifying a new network address that was assigned to the mobile 
10 node, the new network address differing from the home address for the mobile node; and 

creating a mapped relation from the new network address to the home address for 
the mobile node, thereby facilitating continued use of virtual private network structures 
that are based upon the home address for the mobile node. 

1 5 30. The VPN server of claim 29 wherein the virtual private network structures 

comprise security structures. 

3 1 . The VPN server of claim 30 wherein the security structures comprise 
Internet security structures. 

20 

32. The VPN server of claim 29 wherein the virtual private network structures 
comprise tunnel structures. 

33. The VPN server of claim 29 wherein the creating step comprises updating, 
25 by the virtual private network tunnel server, a mapping structure to incorporate the new 

network address information provided within the binding update 



34. The VPN server of claim 29 further comprising computer executable 
instructions for performing, after the first receiving step, the steps of: 
30 receiving, by the VPN server, a message packet from the mobile including the 

new network address; and 
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replacing, by the virtual private network tunnel server, the new network address 
by the home address specified within an extension header of the received message packet. 

35. The VPN server of claim 34 wherein the replacing step is performed by an 
5 intermediate protocol stack layer that implements packet address handling policies and 
wherein the received packets are thereafter passed up to clients of the intermediate 
protocol stack layer. 



36. The VPN server of claim 35 wherein the intermediate protocol stack layer 
10 comprises an Internet protocol layer. 



